From: Peter Korsgaard <peter@korsgaard.com>
To: Christian Stewart <christian@aperture.us>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Anisse Astier <anisse@astier.eu>,
"Yann E . MORIN" <yann.morin.1998@free.fr>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1
Date: Fri, 08 Sep 2023 12:20:25 +0200 [thread overview]
Message-ID: <87edj9ezkm.fsf@48ers.dk> (raw)
In-Reply-To: <20230906200951.2712954-1-christian@aperture.us> (Christian Stewart's message of "Wed, 6 Sep 2023 13:09:51 -0700")
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
> go1.21.1 (released 2023-09-06) includes four security fixes to the cmd/go,
> crypto/tls, and html/template packages, as well as bug fixes to the compiler,
> the go command, the linker, the runtime, and the context, crypto/tls,
> encoding/gob, encoding/xml, go/types, net/http, os, and path/filepath packages.
> Security fixes:
> CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary execution
> CVE-2023-39318: html/template: improper handling of HTML-like comments within script contexts
> CVE-2023-39319: html/template: improper handling of special tags within script contexts
> CVE-2023-39321: crypto/tls: panic when processing post-handshake message on QUIC connections
> https://go.dev/doc/devel/release#go1.21.0
> Signed-off-by: Christian Stewart <christian@aperture.us>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-09-08 10:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-06 20:09 [Buildroot] [PATCH-NEXT v1 1/1] package/go: security bump to version 1.21.1 Christian Stewart via buildroot
2023-09-08 10:20 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87edj9ezkm.fsf@48ers.dk \
--to=peter@korsgaard.com \
--cc=anisse@astier.eu \
--cc=buildroot@buildroot.org \
--cc=christian@aperture.us \
--cc=thomas.petazzoni@bootlin.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.